RE: Where NAT disenfranchises the end-user ...
|> From: Jim Shankland [mailto:nanog@shankland.org] |> Sent: Friday, September 07, 2001 11:33 AM |> "Mike Batchelor" <mikebat@tmcs.net> writes: |> |> > Oh yes, the firewall. That convenient device that network software |> > developers can assume will always pass port 80 and 443 traffic. So |> > everything uses port 80 and 443 in the future Internet, |> and we're all the |> > better for it. |> |> Um, sure, but what are you arguing? That firewalls are useless and |> should all go away? (Good luck.) That firewalls don't |> really exist :-)? Actually, for the ports that they have proxyd for, they don't. It's called "transparency", one of those fundimentaly concepts. The ports that they block, are supposed to be blocked, by design and not by accident. Firewalls are deterministic, NAT boundaries aren't. |> Maybe it would be useful to design a base protocol that would |> provide a standardized method for things like passing an <address, |> port> tuple, or registering a desire to receive packets on a |> particular UDP port -- the kind of things that gamers, e.g., |> want, and |> that are tricky to make work through a NAT. Games, etc., could be |> written on top of this base protocol, and NATs and firewalls could |> be made to be aware of that protocol. Just a thought; any |> merit to it? You've just described a NAT proxy daemon. I've spent years trying to write one. If you are that good, send code. Or better yet, send it to www.sourceforge.org. The fundimental reason that you can't write one is that it requires a whole other protocol that 1) deosn't exist, 2)Isn't implemented, 3)Violates more than one of Dykstra's laws.
participants (1)
-
Roeland Meyer